I have lambdas that reference a layer, this layer is maintained by someone else and when a new
version is released I have to update my terraform code to put the latest version in the arn (here 19).
Is there a way, in the terraform script, to get the latest version and use it?
module "lambda_function" {
source = "terraform-aws-modules/lambda/aws"
function_name = "my-lambda1"
description = "My awesome lambda function"
handler = "index.lambda_handler"
runtime = "python3.8"
source_path = "../src/lambda-function1"
tags = {
Name = "my-lambda1"
}
layers = [
"arn:aws:lambda:eu-central-1:587522145896:layer:my-layer-name:19"
]
}
Thanks.
ps : this means the layer's terraform script is not in mine, it's an other script that I don't have access to.
You can use the aws_lambda_layer_version data source to discover the latest version.
For example:
module "lambda_function" {
source = "terraform-aws-modules/lambda/aws"
function_name = "my-lambda1"
description = "My awesome lambda function"
handler = "index.lambda_handler"
runtime = "python3.8"
source_path = "../src/lambda-function1"
tags = {
Name = "my-lambda1"
}
layers = [
data.aws_lambda_layer_version.layer_version.arn
]
}
data "aws_lambda_layer_version" "layer_version" {
layer_name = "my-layer-name"
}
Related
all
I want to select automatically the image for the node in kubernetes nodepool when I select Shape, Operating System and Version. For this, I have this datasource
data "oci_core_images" "images" {
#Required
compartment_id = var.cluster_compartment
#Optional
# display_name = var.image_display_name
operating_system = var.cluster_node_image_operating_system
operating_system_version = var.cluster_node_image_operating_system_version
shape = var.cluster_node_shape
state = "AVAILABLE"
# sort_by = var.image_sort_by
# sort_order = var.image_sort_order
}
and I select the image in oci_containerengine_node_poolas
resource "oci_containerengine_node_pool" "node_pool01" {
# ...
node_shape = var.cluster_node_shape
node_shape_config {
memory_in_gbs = "16"
ocpus = "1"
}
node_source_details {
image_id = data.oci_core_images.images.images[0].id
source_type = "IMAGE"
}
}
But my problem seems to be that not all images are prepared for OKE (with the OKE software install in cloudinit).
So the documentation suggest to use the oci cli command:
oci ce node-pool-options get --node-pool-option-id all
And my question is: How can I do this in data in terraform (recover only OKE ready images)
You can use the oci_containerengine_node_pool_option
data "oci_containerengine_node_pool_option" "test_node_pool_option" {
#Required
node_pool_option_id = oci_containerengine_node_pool_option.test_node_pool_option.id
#Optional
compartment_id = var.compartment_id
}
Ref doc : https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/containerengine_node_pool_option
Github issue : https://github.com/oracle-terraform-modules/terraform-oci-oke/issues/263
Change log release details : https://github.com/oracle-terraform-modules/terraform-oci-oke/blob/main/CHANGELOG.adoc#310-april-6-2021
i've setted up multiple github repos within my .tf configuration with a simple for_each on "github" repository resource. In addition i tried to create several branches (a branch per env) for each newly created repo.
My first intention was to use a module (./modules/github_repo/repo.tf) which includes
locals {
environments = var.environments
}
resource "github_branch" "branches" {
for_each = toset(setsubtract(local.environments, ["prod"]))
repository = "orgName/${var.REPO_NAME}"
branch = lookup(var.environment_to_branch_map, each.key, each.key)
source_branch = "master"
}
with following variables
variable "REPO_NAME" {
type = string
}
variable "environments" {
type = list(string)
}
variable "environment_to_branch_map" {
type = map(any)
default = {
"prod" = "master"
"dev" = "develop"
}
calling like this from main.tf
provider "github" {
token = var.GITHUB_TOKEN
owner = "orgName"
}
locals {
environments = ["dev", "prod", "staging", "test"]
microServices = tomap({ "service1" : "fnApp", "service2" : "fnApp" })
default_branch = "master"
}
module "branches_per_microservice" {
for_each = local.microServices
source = "./modules/github_repo"
REPO_NAME = each.key
environments = local.environments
depends_on = [github_repository.microservices]
}
unfortunately i get an 404 for each branch and repo combination like this
Error: Error querying GitHub branch reference /orgName/service1 (refs/heads/master): GET
https://api.github.com/repos//orgName/service1/git/ref/heads/master: 404 Not Found []
with
module.branches_per_microservice["service1"].github_branch.branches["test"]
on modules/github_repo/repo.tf line 23, in resource "github_branch" "branches":
i guess it's a "provider" thing, cause if i try to create a branch directly in the main.tf, it will work. but the problem is, that i only can use one loop within a resource. (i already know that providers are not possible in modules with count or for_each loops, as written in terraform docs)
resource "github_branch" "branches" {
for_each = toset(setsubtract(local.environments, ["prod"]))
repository = github_repository.microservices["service1"].name
branch = lookup(var.environment_to_branch_map, each.key, each.key)
source_branch = "master"
}
in this case, i have to create a resource for each "MicroService" manually, which i want to avoid heavily... Are there any ideas how i could "nest" the second loop over the environments to create my branches for each Micorservice repos?
Many thx in advance for any hint, idea or approach here...
Nested loop can be replaced with a single loop over the setproduct of two sets. The documentation for setproduct can be found here
https://www.terraform.io/language/functions/setproduct
I would like to create 2 VCN and other resources inside two or more regions.
I upload my code inside this github account
When i execute the code (you have to set the tenancy, user, fingerprint, etc) i don't have errors, but:
When I go to the root region, all is created (compartment and VCN)
when I go to the second region, the VCN is not created
terraform version: v1.0.2
my VCN module has:
terraform {
required_providers {
oci = {
source = "hashicorp/oci"
version = ">= 1.0.2"
configuration_aliases = [
oci.root,
oci.region1
]
}
}
}
And when i call the VCN module I pass:
module "vcn" {
source = "./modules/vcn"
providers = {
oci.root = oci.home
oci.region1 = oci.region1
}
...
...
And my providers are:
provider "oci" {
alias = "home"
tenancy_ocid = local.json_data.TERRAFORM_work.tenancy_ocid
user_ocid = local.json_data.TERRAFORM_work.user_ocid
private_key_path = local.json_data.TERRAFORM_work.private_key_path
fingerprint = local.json_data.TERRAFORM_work.fingerprint
region = local.json_data.TERRAFORM_work.region
}
provider "oci" {
alias = "region1"
region = var.region1
tenancy_ocid = local.json_data.TERRAFORM_work.tenancy_ocid
user_ocid = local.json_data.TERRAFORM_work.user_ocid
private_key_path = local.json_data.TERRAFORM_work.private_key_path
fingerprint = local.json_data.TERRAFORM_work.fingerprint
}
What should i change, to create this VCN inside the two regions or more, at the same time?
using the terraform plan and apply
Thanks so much
Your module module.vcn does not declare any provider. From docs:
each module must declare its own provider requirements,
So you have to add to your module something like:
terraform {
required_providers {
oci = {
source = "source_for-oci"
version = ">= your_version"
}
}
}
This was a previous question I asked: How to get AWS Lambda ARN using Terraform?
This question was answered but turns out didn't actually solve my problem so this is a follow up.
The terraform code I have written provisions a Lambda function:
Root module:
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
}
}
}
provider "aws" {
region = var.region
profile = var.aws_profile
}
module "aws_lambda_function" {
source = "./modules/lambda_function"
}
Child module:
resource "aws_lambda_function" "lambda_function" {
function_name = "lambda_function"
handler = "lambda_function.lambda_handler"
runtime = "python3.8"
filename = "./task/dist/package.zip"
role = aws_iam_role.lambda_exec.arn
}
resource "aws_iam_role" "lambda_exec" {
name = "aws_iam_lambda"
assume_role_policy = file("policy.json")
}
What I want the user to be able to do to get the Lambda ARN:
terraform output
The problem: I cannot seem to include the following code anywhere in my terraform code as it causes a "ResourceNotFOundException: Function not found..." error.
data "aws_lambda_function" "existing" {
function_name = "lambda_function"
}
output "arn" {
value = data.aws_lambda_function.existing.arn
}
Where or how do I need to include this to be able to get the ARN or is this possible?
You can't lookup the data for a resource you are creating at the same time. You need to output the ARN from the module, and then output it again from the main terraform template.
In your Lambda module:
output "arn" {
value = aws_lambda_function.lambda_function.arn
}
Then in your main file:
output "arn" {
value = module.aws_lambda_function.arn
}
I have a terraform configuration that correctly creates a lambda function on aws with a zip file provided.
My problem is that I always have to package the lambda first (I use serverless package method for this), so I would like to execute a script that package my function and move the zip to the right directory before terraform creates the lambda function.
Is that possible? Maybe using a combination of null_resource and local-exec?
You already proposed the best answer :)
When you add a depends_on = ["null_resource.serverless_execution"] to your lambda resource, you can ensure, that packaging will be done before uploading the zip file.
Example:
resource "null_resource" "serverless_execution" {
provisioner "local-exec" {
command = "serverless package ..."
}
}
resource "aws_lambda_function" "update_lambda" {
depends_on = ["null_resource.serverless_execution"]
filename = "${path.module}/path/to/package.zip"
[...]
}
https://www.terraform.io/docs/provisioners/local-exec.html
The answer is already given, but I was looking for a way to install NPM modules on the fly, zip and then deploy Lambda function along with timeout if your lambda function size is large. So here is my finding may help someone else.
#Install NPM module before creating ZIP
resource "null_resource" "npm" {
provisioner "local-exec" {
command = "cd ../lambda-functions/loadbalancer-to-es/ && npm install --prod=only"
}
}
# Zip the Lamda function on the fly
data "archive_file" "source" {
type = "zip"
source_dir = "../lambda-functions/loadbalancer-to-es"
output_path = "../lambda-functions/loadbalancer-to-es.zip"
depends_on = ["null_resource.npm"]
}
# Created AWS Lamdba Function: Memory Size, NodeJS version, handler, endpoint, doctype and environment settings
resource "aws_lambda_function" "elb_logs_to_elasticsearch" {
filename = "${data.archive_file.source.output_path}"
function_name = "someprefix-alb-logs-to-elk"
description = "elb-logs-to-elasticsearch"
memory_size = 1024
timeout = 900
timeouts {
create = "30m"
}
runtime = "nodejs8.10"
role = "${aws_iam_role.role.arn}"
source_code_hash = "${base64sha256(data.archive_file.source.output_path)}"
handler = "index.handler"
# source_code_hash = "${base64sha256(file("/elb-logs-to-elasticsearch.zip"))}"
environment {
variables = {
ELK_ENDPOINT = "someprefix-elk.dns.co"
ELK_INDEX = "test-web-server-"
ELK_REGION = "us-west-2"
ELK_DOCKTYPE = "elb-access-logs"
}
}
}